Source versus target metadata-based data integrity checking

ABSTRACT

A method and system for source versus target metadata-based data integrity checking. Concerning backup operations directed to protecting given data, said given data may be subjected to corruption detection at the source prior to initiating a backup operation, however, said given data may not be checked for data integrity following transfer of said given data to a target storage medium prior to committing the said given data thereto. That is, at least presently, the prospect of data corruption compromising given data during the time window through which the given data journeys, usually via a network, from its source to a target storage medium, is often overlooked. The disclosed method and system, accordingly, propose a scheme directed to detecting corruption amongst data transferred from a source to a target storage medium, and handling said data given the determined integrity of said data.

BACKGROUND

At least presently, the prospect of data corruption compromising givendata during the time window through which the given data journeys,usually via a network, from its source to a target storage medium, isoften overlooked.

SUMMARY

In general, in one aspect, the invention relates to a method for dataprotection. The method includes providing, to an asset source,instructions for initiating a backup operation targeting an asset on theasset source, receiving, from the asset source and in response to theinstructions, source backup information pertinent to the asset,receiving, from a backup target, target backup information pertinent toan asset backup associated with the asset, making a determination thatthe source backup information matches the target backup information, andinstructing, based on the determination, the backup target to commit theasset backup.

In general, in one aspect, the invention relates to a non-transitorycomputer readable medium (CRM). The non-transitory CRM includes computerreadable program code, which when executed by a computer processor,enables the computer processor to perform a method for data protection.The method includes providing, to an asset source, instructions forinitiating a backup operation targeting an asset on the asset source,receiving, from the asset source and in response to the instructions,source backup information pertinent to the asset, receiving, from abackup target, target backup information pertinent to an asset backupassociated with the asset, making a determination that the source backupinformation matches the target backup information, and instructing,based on the determination, the backup target to commit the assetbackup.

Other aspects of the invention will be apparent from the followingdescription and the appended claims.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 shows a system in accordance with one or more embodiments of theinvention.

FIG. 2 shows a flowchart describing a method for source versus targetmetadata-based data integrity checking in accordance with one or moreembodiments of the invention.

FIG. 3 shows an exemplary computing system in accordance with one ormore embodiments of the invention.

DETAILED DESCRIPTION

Specific embodiments of the invention will now be described in detailwith reference to the accompanying figures. In the following detaileddescription of the embodiments of the invention, numerous specificdetails are set forth in order to provide a more thorough understandingof the invention. However, it will be apparent to one of ordinary skillin the art that the invention may be practiced without these specificdetails. In other instances, well-known features have not been describedin detail to avoid unnecessarily complicating the description.

In the following description of FIGS. 1-3 , any component described withregard to a figure, in various embodiments of the invention, may beequivalent to one or more like-named components described with regard toany other figure. For brevity, descriptions of these components will notbe repeated with regard to each figure. Thus, each and every embodimentof the components of each figure is incorporated by reference andassumed to be optionally present within every other figure having one ormore like-named components. Additionally, in accordance with variousembodiments of the invention, any description of the components of afigure is to be interpreted as an optional embodiment which may beimplemented in addition to, in conjunction with, or in place of theembodiments described with regard to a corresponding like-namedcomponent in any other figure.

Throughout the application, ordinal numbers (e.g., first, second, third,etc.) may be used as an adjective for an element (i.e., any noun in theapplication). The use of ordinal numbers is not to necessarily imply orcreate any particular ordering of the elements nor to limit any elementto being only a single element unless expressly disclosed, such as bythe use of the terms “before”, “after”, “single”, and other suchterminology. Rather, the use of ordinal numbers is to distinguishbetween the elements. By way of an example, a first element is distinctfrom a second element, and a first element may encompass more than oneelement and succeed (or precede) the second element in an ordering ofelements.

In general, embodiments of the invention relate to a method and systemfor source versus target metadata-based data integrity checking.Concerning backup operations directed to protecting given data, saidgiven data may be subjected to corruption detection at the source priorto initiating a backup operation, however, said given data may not bechecked for data integrity following transfer of said given data to atarget storage medium prior to committing the said given data thereto.That is, at least presently, the prospect of data corruptioncompromising given data during the time window through which the givendata journeys, usually via a network, from its source to a targetstorage medium, is often overlooked. Embodiments of the invention,accordingly, propose a scheme directed to detecting corruption amongstdata transferred from a source to a target storage medium, and handlingsaid data given the determined integrity of said data.

FIG. 1 shows a system in accordance with one or more embodiments of theinvention. The system (100) may include an asset source (102), a backuptarget (110), a data protection manager (114), and an admin device(118). Each of these system (100) components is described below.

In one embodiment of the invention, the asset source (102) may representany physical appliance or computing system designed and configured toreceive, generate, process, store, and/or transmit data, as well as toprovide an environment in which one or more computer programs mayexecute thereon. The computer program(s) may, for example, implementlarge-scale and complex data processing; or implement one or moreservices offered locally or over a network. Further, in providing anexecution environment for any computer program(s) installed thereon, theasset source (102) may include and allocate various resources (e.g.,computer processors, memory, storage, virtualization, network bandwidth,etc.), as needed, to the computer program(s) and the workloadsinstantiated thereby. One of ordinary skill will appreciate that theasset source (102) may perform other functionalities without departingfrom the scope of the invention. Examples of the asset source (102) mayinclude, but are not limited to, a desktop computer, a laptop computer,a server, a mainframe, or any other computing system similar to theexemplary computing system shown in FIG. 3 . Moreover, the asset source(102) may include one or more assets (104A-104N), a backup and recoveryagent (106), and a source corruption detection agent (108). Each ofthese asset source (102) subcomponents is described below.

In one embodiment of the invention, an asset (104A-104N) may refer to adatabase, or any logical container to and from data (and/or metadatathereof), which has been received by or generated on the asset source(102), may be stored and retrieved, respectively. An asset (104A-104N)may occupy any portion of persistent storage (not shown) available onthe asset source (102). Examples of persistent storage may include, butare not limited to, optical storage, magnetic storage, NAND FlashMemory, NOR Flash Memory, Magnetic Random Access memory (M-RAM), SpinTorque Magnetic RAM (ST-MRAM), Phase Change Memory (PCM), or any otherstorage defined as non-volatile Storage Class memory (SCM).

In one embodiment of the invention, the backup and recovery agent (106)may refer to a computer program that may execute on the underlyinghardware of the asset source (102), which may be responsible forfacilitating backup and recovery operations targeting one or more assets(104A-104N) on the asset source (102). To that extent, the backup andrecovery agent (106) may protect one or more assets (104A-104N) againstdata loss (i.e., backup the targeted data and/or metadata); andreconstruct one or more assets (104A-104N) following such data loss(i.e., recover the targeted data and/or metadata). Further, one ofordinary skill will appreciate that the backup and recovery agent (106)may perform other functionalities without departing from the scope ofthe invention.

In one embodiment of the invention, the source corruption detectionagent (108) may refer to a computer program that may execute on theunderlying hardware of the asset source (102), which may be responsiblefor metadata submission therefrom. More specifically, the sourcecorruption detection agent (108) may include functionality to: uponreceipt of instructions from the data protection manager (114) toinitiate a backup operation at the asset source (102) for a given asset(104A-104N), obtain metadata (or a cryptographic hash thereof)descriptive of the data belonging to the given asset (104A-104N); andsubmit the obtained metadata (or the cryptographic hash thereof) to thedata protection manager (114) prior to initiating the backup operationper the received instructions. One of ordinary skill, however, willappreciate that the source corruption detection agent (108) may performother functionalities without departing from the scope of the invention.

In one embodiment of the invention, the backup target (110) mayrepresent any data backup, archiving, and/or disaster recovery storagesystem. The backup target (110) may be implemented using one or morestorage servers (or computing systems similar to the exemplary computingsystem shown in FIG. 3 ) (not shown)—each of which may house one or manystorage devices for storing data. Further, the backup target (110) may,at least in part, include persistent storage. Examples of persistentstorage may include, but are not limited to, optical storage, magneticstorage, NAND Flash Memory, NOR Flash Memory, Magnetic Random AccessMemory (M-RAM), Spin Torque Magnetic RAM (ST-MRAM), Phase Change Memory(PCM), or any other storage defined as non-volatile Storage Class Memory(SCM). Moreover, the backup target (110) may include a target corruptiondetection agent (112), which is described below.

In one embodiment of the invention, the target corruption detectionagent (112) may refer to a computer program that may execute on theunderlying hardware of the backup target (110), which may be responsiblefor metadata submission therefrom. More specifically, the targetcorruption detection agent (112) may include functionality to: receivedata belonging to a given asset (104A-104N) from the asset source (102)during a backup operation targeting the given asset (104A-104N); uponcompleting the transfer of the data from the asset source (102) to thebackup target (110), notify the data protection manager (114) of thecompletion of said data transfer; receive a request thereafter, from thedata protection manager (114), to provide metadata (or a cryptographichash thereof) descriptive of the transferred data; obtaining therequested metadata (or the requested cryptographic hash thereof) for thetransferred data; submitting, in response to the received request, theobtained metadata (or cryptographic hash thereof) to the data protectionmanager (114); and receiving, thereafter in return, instructions fromthe data protection manager (114) to either commit the transferred datainto storage on the backup target (110) or discard the transferred data,based on the submitted metadata (or cryptographic hash thereof). One ofordinary skill, however, will appreciate that the target corruptiondetection agent (112) may perform other functionalities withoutdeparting from the scope of the invention.

In one embodiment of the invention, the data protection manager (114)may represent information technology (IT) infrastructure configured fordata integrity check management. To that extent, the data protectionmanager (114) may include functionality to perform the method outlinedand described through FIG. 2 , below. One of ordinary skill, however,will appreciate that the data protection manager (114) may perform otherfunctionalities without departing from the scope of the invention.Furthermore, the data protection manager (114) may include and employ anintegrity verifier (116) to, at least in part, fulfill theaforementioned functionality, which is described below.

In one embodiment of the invention, the integrity verifier (116) mayrefer to a computer program that may execute on the underlying hardwareof the data protection manager (114), which may be responsible fordetermining whether metadata (or a cryptographic hash thereof) submittedfrom the asset source (102), and metadata (or a cryptographic hashthereof) submitted from the backup target, (110) match or mismatch. As aresult of the former, the integrity verifier (116) may deduce that thedata being targeted for backup, a copy of which now transferred to thebackup target (110), is corruption-free and, accordingly, may instructthe backup target (110) to commit the aforementioned copy of the datainto storage. On the other hand, as a result of the latter, theintegrity verifier (116) may alternatively deduce that the data beingtargeted for backup, a copy of which now transferred to the backuptarget (110), is corrupted and, accordingly, may alternatively instructthe backup target (110) to discard the aforementioned copy of the datait has obtained. One of ordinary skill will appreciate that theintegrity verifier (116) may perform other functionalities withoutdeparting from the scope of the invention.

In one embodiment of the invention, the admin device (118) may representany physical appliance or computing system operated by one or moreadministrators of the system (100). An administrator may refer to anindividual or entity whom may be responsible for overseeing system (100)operations and maintenance. To that extent, and at least as it pertainsto embodiments of the invention, the admin device (118) may includefunctionality to enable an administrator to: register the asset source(102) with the data protection manager (114); and submit protectionpolicies, concerning one or more assets (described below) on the assetsource (102), to the data protection manager (114). Thesefunctionalities are described in further detail in FIG. 2 , below.Further, one of ordinary skill will appreciate that the admin device(118) may perform other functionalities without departing from the scopeof the invention.

In one embodiment of the invention, the above-mentioned system (100)components (or subcomponents thereof) may communicate with one anotherthrough a network (not shown) (e.g., a local area network (LAN), a widearea network (WAN) such as the Internet, a mobile network, any othernetwork type, or a combination thereof). The network may be implementedusing any combination of wired and/or wireless connections. Further, thenetwork may encompass various interconnected, network-enabledsubcomponents (or systems) (e.g., switches, routers, etc.) that mayfacilitate communications between the above-mentioned system (100)components (or subcomponents thereof). Moreover, in communicating withone another, the above-mentioned system (100) components (orsubcomponents thereof) may employ any combination of wired and/orwireless communication protocols.

While FIG. 1 shows a configuration of components, other system (100)configurations may be used without departing from the scope of theinvention. For example, the system (100) may include more than one assetsource (not shown) and/or more than one backup target (not shown).

FIG. 2 shows a flowchart describing a method for source versus targetmetadata-based data integrity checking in accordance with one or moreembodiments of the invention. The various steps outlined below may beperformed by the data protection manager (see e.g., FIG. 1 ). Further,while the various steps in the flowchart are presented and describedsequentially, one of ordinary skill will appreciate that some or allsteps may be executed in different orders, may be combined or omitted,and some or all steps may be executed in parallel.

Turning to FIG. 2 , in Step 200, an asset source registration, for anasset source (see e.g., FIG. 1 ), is received from an admin device. Inone embodiment of the invention, the asset source registration may referto connection information for the asset source. Connection informationmay entail information necessary to connect to and/or interact with theasset source, which may include, but is not limited to: an InternetProtocol (IP) address assigned to the asset source; a network portnumber of the asset source through which a connection thereto may beattempted; and authentication information (e.g., authentication mode,username or login, and password) for accessing the asset source.

In Step 202, based on the asset source registration (received in Step200), the asset source is discovered and agents are deployed thereto. Inone embodiment of the invention, discovering the asset source may entailestablishing a connection with and successfully accessing the assetsource using the provided connection information. Further, agentsdeployed to and/or installed on the asset source may include, but arenot limited to, a backup and recovery agent and a source corruptiondetection agent (both described above) (see e.g., FIG. 1 ).

In Step 204, a protection policy, for one or more assets (describedabove) (see e.g., FIG. 1 ) on the asset source, is received from theadmin device. In one embodiment of the invention, the protection policymay refer to a collection of rules and/or preferences directed to theprotection of asset data and/or metadata. The rules and/or preferencesspecified in/by the protection policy may include, but are not limitedto: which asset data and/or metadata is/are critical regarding dataprotection; which modes of backup operations (e.g., incremental, full,etc.) should be performed that target the asset data and/or metadata,and how often (or on what schedule) should the backup operations occur;which backup target or storage medium should asset backup(s) becommitted to; what is the retention span or recovery point objective(RPO) assigned to the asset data and/or metadata; whether data integrityverification, in accordance with embodiments of the invention, should beapplied while performing backup operations targeting the asset dataand/or metadata; and in which information mode (described below) shouldthe aforementioned data integrity verification be performed.

In Step 206, based on the protection policy (received in Step 204), thebackup and recovery agent (deployed to the asset source in Step 202) isinstructed to initiate a backup operation targeting the asset(s) (ormore specifically, certain data and/or metadata therein) with which theprotection policy is associated. The instructions may specify performinga data integrity verification of the asset data and/or metadata and,accordingly, may further specify an information mode, where theinformation mode references a format of a predefined collection ofmetadata required to perform the data integrity verification. In oneembodiment of the invention, the information mode may reference anon-hash mode, where a predefined collection of metadata, descriptive ofthe asset data, may be sought to perform the data integrityverification. In another embodiment of the invention, the informationmode may reference a hash mode, where, alternatively, a cryptographichash of the aforementioned, predefined collection of metadata,descriptive of the asset data, may instead be sought to perform the dataintegrity verification. Further, in yet another embodiment of theinvention, the information mode may reference a combination mode, where:(a) a hash-mode based data integrity verification may be performedfirst; and (b) upon a successful result of (a), then a non-hash modebased data integrity verification may be performed second.

In one embodiment of the invention, for a given asset data of one ormore assets being targeted for data protection through a backupoperation, the predefined collection of metadata, descriptive of thegiven asset data, may include, but is not limited to: a data type of thegiven asset data; a creation timestamp generated for the given assetdata; a last modification timestamp generated for the given asset data;permission and/or ownership information associated with the given assetdata; a format or extension of the given asset data; a size (e.g., inbytes) of the given asset data; and a checksum associated with the givenasset data.

Further, in one embodiment of the invention, a cryptographic hash of agiven information set (e.g., the above-mentioned predefined collectionof metadata descriptive of a given asset data) may refer to a hash valueor output that results when the given information set is fed through acryptographic hash function. A cryptographic hash function may refer toa deterministic algorithm configured to map data of any arbitrary sizeto a bit array of a fixed size. Accordingly, being deterministic, acryptographic hash function always results in a same hash value/outputfor a given same input or information set. Examples of the cryptographichash function, which may be employed, may include, but are not limitedto: the MD5 message-digest algorithm (or MD5, for short); and one ormore variants of the Secure Hash Algorithm 2 (SHA-2) (e.g., SHA-256,which produces a 256-bit hash value/output).

In Step 208, source backup information is received from the assetsource. In one embodiment of the invention, based on the informationmode referencing a non-hash mode (described above), the source backupinformation may include a predefined collection of metadata descriptiveof asset data from the asset(s) with which the protection policy(received in Step 204) is associated. In another embodiment of theinvention, based on the information mode alternatively referencing ahash mode (described above), the source backup information may include acryptographic hash of the aforementioned, predefined collection ofmetadata. Further, in either embodiment, the source backup informationmay pertain to a state of the asset data on the asset source just priorto the initiation of a backup operation targeting said asset data basedon the instructions (provided to the asset source in Step 206).

In Step 210, a backup transferred notification is received from a backuptarget (described above) (see e.g., FIG. 1 ). In one embodiment of theinvention, the backup transferred notification may inform the dataprotection manager that transfer of an asset backup (i.e., a copy ofasset data of the asset(s) targeted for protection by way of the backupoperation (initiated in Step 206)) from the asset source to the backuptarget is complete.

In Step 212, in response to the backup transferred notification(received in Step 210), an information request is submitted to thebackup target. The information request may include the information mode(specified by way of the protection policy received in Step 204).Accordingly, in one embodiment of the invention, the information modemay reference a non-hash mode. In another embodiment of the invention,the information mode may alternatively reference a hash mode.

In Step 214, in response to the information request (submitted in Step212), target backup information is received from the backup target. Inone embodiment of the invention, based on the information modereferencing a non-hash mode (described above), the target backupinformation may include a predefined collection of metadata descriptiveof asset backup data pertaining to the asset backup. In anotherembodiment of the invention, based on the information mode alternativelyreferencing a hash mode (described above), the target backup informationmay include a cryptographic hash of the aforementioned, predefinedcollection of metadata descriptive of asset backup data pertaining tothe asset backup. Further, in either embodiment, the target backupinformation may associate with a state of the asset backup data, whichhad arrived at the backup target from the asset source.

In Step 216, a comparison is performed between the source backupinformation (received in Step 208) and the target backup information(received in Step 214). By way of the comparison, in Step 218, adetermination is made as to whether the source backup informationmatches the target backup information. In one embodiment of theinvention, if it is determined that the source backup informationmatches the target backup information, then the method proceeds to Step220. On the other hand, in another embodiment of the invention, if it isalternatively determined that the target backup information mismatchesthe target backup information, then the method alternatively proceeds toStep 222.

In Step 220, following the determination (in Step 218) that the sourcebackup information (received in Step 208) matches the target backupinformation (received in Step 214), instructions are provided to thebackup target to commit the asset backup into storage. That is, in oneembodiment of the invention, in having matching backup information, theasset backup that had arrived at the backup target from the asset sourceis found to be corruption-free and, accordingly, the asset backup may becommitted.

In Step 222, following the alternative determination (in Step 218) thatthe source backup information (received in Step 208) mismatches thetarget backup information (received in Step 214), instructions areprovided to the backup target to discard the asset backup. That is, inone embodiment of the invention, in having mismatching backupinformation, the asset backup that had arrived at the backup target fromthe asset source is found to be corrupt and, accordingly, the assetbackup may be discarded.

FIG. 3 shows an exemplary computing system in accordance with one ormore embodiments of the invention. The computing system (300) mayinclude one or more computer processors (302), non-persistent storage(304) (e.g., volatile memory, such as random access memory (RAM), cachememory), persistent storage (306) (e.g., a hard disk, an optical drivesuch as a compact disk (CD) drive or digital versatile disk (DVD) drive,a flash memory, etc.), a communication interface (312) (e.g., Bluetoothinterface, infrared interface, network interface, optical interface,etc.), input devices (310), output devices (308), and numerous otherelements (not shown) and functionalities. Each of these components isdescribed below.

In one embodiment of the invention, the computer processor(s) (302) maybe an integrated circuit for processing instructions. For example, thecomputer processor(s) may be one or more cores or micro-cores of acentral processing unit (CPU) and/or a graphics processing unit (GPU).The computing system (300) may also include one or more input devices(310), such as a touchscreen, keyboard, mouse, microphone, touchpad,electronic pen, or any other type of input device. Further, thecommunication interface (312) may include an integrated circuit forconnecting the computing system (300) to a network (not shown) (e.g., alocal area network (LAN), a wide area network (WAN) such as theInternet, mobile network, or any other type of network) and/or toanother device, such as another computing device.

In one embodiment of the invention, the computing system (300) mayinclude one or more output devices (308), such as a screen (e.g., aliquid crystal display (LCD), a plasma display, touchscreen, cathode raytube (CRT) monitor, projector, or other display device), a printer,external storage, or any other output device. One or more of the outputdevices may be the same or different from the input device(s). The inputand output device(s) may be locally or remotely connected to thecomputer processor(s) (302), non-persistent storage (304), andpersistent storage (306). Many different types of computing systemsexist, and the aforementioned input and output device(s) may take otherforms.

Software instructions in the form of computer readable program code toperform embodiments of the invention may be stored, in whole or in part,temporarily or permanently, on a non-transitory computer readable mediumsuch as a CD, DVD, storage device, a diskette, a tape, flash memory,physical memory, or any other computer readable storage medium.Specifically, the software instructions may correspond to computerreadable program code that, when executed by a processor(s), isconfigured to perform one or more embodiments of the invention.

While the invention has been described with respect to a limited numberof embodiments, those skilled in the art, having benefit of thisdisclosure, will appreciate that other embodiments can be devised whichdo not depart from the scope of the invention as disclosed herein.Accordingly, the scope of the invention should be limited only by theattached claims.

What is claimed is:
 1. A method for data protection, comprising:providing, to an asset source, instructions for initiating a backupoperation targeting asset data of an asset on the asset source;receiving, from the asset source and in response to the instructions,source backup information indicating a state of the asset data prior toinitiation of the backup operation by the asset source; receiving, froma backup target, a backup transferred notification informing that thebackup target has received a completed transfer of an asset backuprepresenting a copy of the asset data from the asset source by way ofthe backup operation; submitting, to the backup target and based onreceiving the backup transferred notification, a target backupinformation request comprising an information mode; receiving, from thebackup target and in response to submission of the target backupinformation request, target backup information indicating a state of theasset backup; making a determination that the asset backup, havingarrived at the backup target, is corruption-free based on the state ofthe asset data matching the state of the asset backup; and instructing,based on the determination, the backup target to commit the assetbackup.
 2. The method of claim 1, wherein the state of the asset datacomprises asset metadata descriptive of the asset data, the assetmetadata comprising a data type of the asset data, a creation timestampgenerated for the asset data, a last modification timestamp generatedfor the asset data, ownership information associated with the assetdata, a size of the asset data, and a checksum associated with the assetdata.
 3. The method of claim 1, wherein the source backup informationcomprises a cryptographic hash of asset metadata describing the assetdata prior to the initiation of the backup operation.
 4. The method ofclaim 1, wherein the information mode references a non-hash mode.
 5. Themethod of claim 4, wherein based on the information mode referencing thenon-hash mode, the target backup information comprises asset backupmetadata describing asset backup data pertaining to the asset backupfollowing a transfer of the asset backup from the asset source to thebackup target.
 6. The method of claim 1, wherein the information modereferences a hash mode.
 7. The method of claim 6, wherein based on theinformation mode referencing the hash mode, the target backupinformation comprises a cryptographic hash of asset backup metadatadescribing asset backup data pertaining to the asset backup following atransfer of the asset backup from the asset source to the backup target.8. The method of claim 1, further comprising: providing, to the assetsource, second instructions for initiating a second backup operationtargeting second asset data of a second asset on the asset source;receiving, from the asset source and in response to the secondinstructions, second source backup information indicating a second stateof the second asset data prior to initiation of the second backupoperation by the asset source; receiving, from the backup target andfollowing a second arrival thereon of a second asset backup representinga copy of the second asset data, second target backup informationindicating a second state of the second asset backup, wherein the secondarrival of the second asset backup follows a second completed transferthereof from the asset source by way of the second backup operation;making a second determination that the second asset backup, havingarrived at the backup target, is corrupted based on the second state ofthe second asset data mismatching the second state of the second assetbackup; and instructing, based on the second determination, the backuptarget to discard the second asset backup.
 9. A non-transitory computerreadable medium (CRM) comprising computer readable program code, whichwhen executed by a computer processor, enables the computer processor toperform a method for data protection, the method comprising: providing,to an asset source, instructions for initiating a backup operationtargeting asset data of an asset on the asset source; receiving, fromthe asset source and in response to the instructions, source backupinformation indicating a state of the asset data prior to initiation ofthe backup operation by the asset source; receiving, from a backuptarget, a backup transferred notification informing that the backuptarget has received a completed transfer of an asset backup representinga copy of the asset data from the asset source by way of the backupoperation; submitting, to the backup target and based on receiving thebackup transferred notification, a target backup information requestcomprising an information mode; receiving, from the backup target and inresponse to submission of the target backup information request, targetbackup information indicating a state of the asset backup; making adetermination that the asset backup, having arrived at the backuptarget, is corruption-free based on the state of the asset data matchingthe state of the asset backup; and instructing, based on thedetermination, the backup target to commit the asset backup.
 10. Thenon-transitory CRM of claim 9, wherein the state of the asset datacomprises asset metadata descriptive of the asset data, the assetmetadata comprising a data type of the asset data, a creation timestampgenerated for the asset data, a last modification timestamp generatedfor the asset data, ownership information associated with the assetdata, a size of the asset data, and a checksum associated with the assetdata.
 11. The non-transitory CRM of claim 9, wherein the source backupinformation comprises a cryptographic hash of asset metadata describingthe asset data prior to the initiation of the backup operation.
 12. Thenon-transitory CRM of claim 9, wherein the information mode references anon-hash mode.
 13. The non-transitory CRM of claim 12, wherein based onthe information mode referencing the non-hash mode, the target backupinformation comprises asset backup metadata describing asset backup datapertaining to the asset backup following a transfer of the asset backupfrom the asset source to the backup target.
 14. The non-transitory CRMof claim 9, wherein the information mode references a hash mode.
 15. Thenon-transitory CRM of claim 14, wherein based on the information modereferencing the hash mode, the target backup information comprises acryptographic hash of asset backup metadata describing asset backup datapertaining to the asset backup following a transfer of the asset backupfrom the asset source to the backup target.
 16. The non-transitory CRMof claim 9, the method further comprising: providing, to the assetsource, second instructions for initiating a second backup operationtargeting second asset data of a second asset on the asset source;receiving, from the asset source and in response to the secondinstructions, second source backup information indicating a second stateof the second asset data prior to initiation of the second backupoperation by the asset source; receiving, from the backup target andfollowing a second arrival thereon of a second asset backup representinga copy of the second asset data, second target backup informationindicating a second state of the second asset backup, wherein the secondarrival of the second asset backup follows a second completed transferthereof from the asset source by way of the second backup operation;making a second determination that the second asset backup, havingarrived at the backup target, is corrupted based on the second state ofthe second asset data mismatching the second state of the second assetbackup; and instructing, based on the second determination, the backuptarget to discard the second asset backup.
 17. A system, comprising: anasset source comprising an asset; a backup target operatively connectedto the asset source; and a data protection manager operatively connectedto the asset source and the backup target, and comprising a computerprocessor configured to perform a method for data protection, the methodcomprising: providing, to the asset source, instructions for initiatinga backup operation targeting asset data of the asset on the assetsource; receiving, from the asset source and in response to theinstructions, source backup information indicating a state of the assetdata prior to initiation of the backup operation by the asset source;receiving, from the backup target, a backup transferred notificationinforming that the backup target has received a completed transfer of anasset backup representing a copy of the asset data from the asset sourceby way of the backup operation; submitting, to the backup target andbased on receiving the backup transferred notification, a target backupinformation request comprising an information mode; receiving, from thebackup target and in response to submission of the target backupinformation request, target backup information indicating a state of theasset backup; making a determination that the asset backup, havingarrived at the backup target, is corruption-free based on the state ofthe asset data matching the state of the asset backup; and instructing,based on the determination, the backup target to commit the assetbackup.
 18. The system of claim 17, wherein the source backupinformation comprises a cryptographic hash of asset metadata describingthe asset data prior to the initiation of the backup operation.
 19. Thesystem of claim 17, wherein the information mode references a non-hashmode, and wherein based on the information mode referencing the non-hashmode: the target backup information comprises asset backup metadatadescribing asset backup data pertaining to the asset backup following atransfer of the asset backup from the asset source to the backup target.20. The system of claim 17, wherein the information mode references ahash mode, and wherein based on the information mode referencing thehash mode: the target backup information comprises a cryptographic hashof asset backup metadata describing asset backup data pertaining to theasset backup following a transfer of the asset backup from the assetsource to the backup target.